Posts by Sarah Vonnegut:

Blog Headers

Security Testing in the SDLC: A Beginner’s Guide

Feb 26, 2016 By Sarah Vonnegut | As requirements for faster release cycles and applications packed with more features than ever keep organizations rushing to production, we can’t afford to skip a beat when it comes to security. Developers with all stages of security knowhow are being hired, and right beside giving developers a thorough education in secure coding is ensuring the code they write is secure well before it gets deployed.   This is where a strong security testing approach becomes an organization’s saving grace.

</Read More>
Software Security Assurance

Software Security Assurance: 4 Secrets to Unleashing the Power of Your Program

Feb 19, 2016 By Sarah Vonnegut | The software and web applications we design, develop and deploy in our organizations are a major resource in and of themselves, without even considering the critical data they may hold. Building secure software should be an essential part of any organization, and yet software security assurance still lags depressingly behind quality assurance in the vast majority of organizations. Software vulnerabilities pose one of the greatest risks to our organizations, yet they’re one of the areas least understood and therefore least attended to.

</Read More>
cybersecurity_organizations_resources

The Cybersecurity Organizations & Resources You Need to Know

Feb 12, 2016 By Sarah Vonnegut | No matter where you are on your journey in security, there is always room to keep learning. Especially in the security industry, it’s important to aim for a deep understanding of software and how applications interact on the web. In such a dynamic field, there’s no doubt the learning will never end.   Luckily for students of cybersecurity, there are plenty of organizations doing the hard work to help us better understand what we’re working to protect, and how best to secure our own organizations. These organizations are helping fight the “cyber battles” – and are helping us do the same. From nonprofits to university centers to government-funded research facilities, the security industry has its’ bases covered. There’s a never-ending mountain of high-quality research and guides anyone interested can access – if you know the right places to look.

</Read More>
Secure Code Review

5 Best Practices for the Perfect Secure Code Review

Feb 05, 2016 By Sarah Vonnegut | You’ve worked hard to ensure that security tools and processes are integrated throughout development, and an application or update is days or possibly just hours away from release. Your app is ready to go, right? Wrong! You’ve got one more step in the security process before you can give the green light where security is concerned: A Secure Code Review. In many industries, including the healthcare and payment verticals, secure code reviews are a mandatory part of the compliance requirement, and they offer an added layer of security before your application is released. Whether mandated or not, secure code reviews offer an added value for the security of your application and the organization at large.

</Read More>
Ultimate Guide to CSRF

The Ultimate Guide to Understanding & Preventing CSRF

Jan 22, 2016 By Sarah Vonnegut | We hear about SQL injection and Cross-Site Scripting constantly – but there are eight other high-risk vulnerabilities we need to be aware of, just in the OWASP Top Ten. One of those eight is yet another one to keep your eyes out for: Cross-Site Request Forgery, normally shortened as CSRF or XSRF.     CSRF is widespread in today’s web apps, OWASP says, and can cause some major damage when exposed in an app that deals with money or data. Just how much damage? The most powerful CSRF attack is most likely this attack discovered against uTorrent in 2008, which would have given an attacker complete control over a victim’s system using a record three CSRF attacks in a row. And while most CSRF attacks aren’t as damaging as that one, they can do damage, given an opportunity in a data-rich web application.  

</Read More>
Security Experts

Security Experts Speak: Biggest AppSec Priorities and Concerns in 2016

Jan 15, 2016 By Sarah Vonnegut | Each year opens a new Pandora’s Box for the security industry, with a slew of never-before-seen evil wonders that can throw anyone not prepared for a loop. That’s why risk management is so critical in our field – since we can’t know what’s to come, we need to prepare as best we can before that worst-case scenario happens. If you’re not a security expert, though, it can be difficult to figure out where to spend your energy over the year in terms of securing your organization. 
To help give a bit of perspective to what top security experts are gearing up for this year, we asked eight of the world’s top security experts in various roles, including a pentester, several CISOs, a secure developer, a security engineer and an international speaker on security topics, to share their thoughts with us.  

</Read More>
Application Security Trends

The Application Security Trends You Can’t Ignore in 2016

Jan 08, 2016 By Sarah Vonnegut | Application security is finally beginning to take wind. After years of being pushed to the background in favor of other areas of IT security, recently we’ve seen a major shift in the security landscape where application security is finally getting attention.With 84% of attacks aimed at the application layer – it’s about time, too.   Application security is a big field, though, and it can be overwhelming to begin an application security program without having an idea of where to start. And that’s where knowing what trends are on the horizon and aligning them to your own organizational needs can be especially helpful.

</Read More>
Most Popular Posts Checkmarx Blog

The 10 Most Popular Posts of 2015

Jan 01, 2016 By Sarah Vonnegut | As we say goodbye to 2015 and begin the new year, we’d like to take a moment to reflect on the great year we had on the Checkmarx blog. We’ve covered a huge array of topics, from interviews with ethical hackers to discussions on the importance of integrating security and DevOps, and it’s that variety that shows through in our most popular posts of 2015.   In the new year, we promise to continue writing articles and guides that will help both security professionals and those wanting to learn more about security progress in their AppSec journeys.   For now, these are the ten most popular posts from the Checkmarx blog in 2015 – enjoy!  

</Read More>
Blog Headers

Why DevOps Is Actually Good for Your Security Program

Dec 18, 2015 By Sarah Vonnegut | With organizational culture – and along with it processes and technology – evolving at a pace we’ve never experienced before, we can’t sit back and wait for the “DevOps fad” to fade away. It’s not a fad, it’s an evolved way of software development. And security cannot be the elephant in the room, the team everyone avoids because it just gets too complicated. Security must evolve, as well. We must become SecDevOps.   Many organizations are now routinely pushing out tens if not hundreds of releases and updates on a daily basis. If there’s ever been a wake-up call for the security industry to change their outdated ways – DevOps is it.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.